Compliance & sanctions enforcement

What IP-Atlas gives you

Field	Use
`country`	ISO 3166-1 alpha-2, RIR-sourced. Check against OFAC SDN, EU sanctions, UK HMT lists.
`registry`	Which RIR allocated the block. Useful for regional enforcement audits.
`is_vpn`, `is_datacenter`	Flag attempts to bypass geo blocks via VPN or cloud relays.
`abuse_contact` roadmap	For automated takedown notices when you detect abuse.

OFAC-style block pattern

// Current US-OFAC comprehensive-sanctions list (2026)
const BLOCKED = ['IR', 'KP', 'SY', 'CU'];

app.use(async (req, res, next) => {
  const r = await ipa.lookup(req.ip);
  if (BLOCKED.includes(r.country)) {
    audit.log({ event: 'sanctions-block', ip: req.ip, country: r.country, ts: Date.now() });
    return res.status(451).send('Service not available in your jurisdiction.');
  }
  if (r.is_vpn) {
    // extra scrutiny: challenge with KYC step-up
  }
  next();
});

Audit considerations

Log every block. Store the IP, country, ASN, timestamp, and IP-Atlas response version. Auditors will ask.
Don't delete the log. Sanctions enforcement audits typically reach back 5 years.
Document your lists. OFAC changes designations; your block list should be source-controlled with clear changelogs.
Assume VPN bypass. A motivated user can use a commercial VPN. Combine IP with KYC for high-stakes decisions.

This page is engineering guidance, not legal advice. Your compliance team owns the list. We give you a reliable country determination and the signals to catch bypass attempts.

Enforce jurisdiction at the edge.

What IP-Atlas gives you

OFAC-style block pattern

Audit considerations